Quarantined file disappeared from the manager

---

Rebel wrote:

I've already deleted the logs.

I ran Sophos, and it said there were 4 threats. Opened QM, several lines of text appeared then quickly vanished.

I opened the log and at the bottom the 4 threats were listed - 2 were animated gifs, and I don't remember what the others were.

These gifs have been on my computer for several years, but this was the first time I've run a-v software.

I went to the folder, which contains thousands of animated gifs, and deleted the 2 that were listed.

So, as I said, the threats were still there, they had not been moved/deleted by Sophos, I had to do it.

I still have these files on my TM, if you want to see them for some reason.

I don't know what "crucial information" is missing.

I've already said (in two threads) that when threats are detected, they appear in QM for a second or two then disappear. I've already said that I then had to go read the log to see what the threats were. And I've already said I had to manually delete the files after that.

What did I leave out that you need to know?

I'm running 7.3.10c.

And since no one from Sophos seems interested in responding to this issue in my other topic, I'll say it again here:

HOW ABOUT SOME RELEASE NOTES AND A VERSION NUMBER ON THE DOWNLOAD PAGE?!

I'm still waiting for Sophos to let me know which version it was that I downloaded 9 days ago.

I'm not going to install something without knowing which version it is, especially when I've already had trouble with one version and had to downgrade.

---

Item 1: would you please submit the animated gifs via the website submission tool?  I have my suspicions that you've encountered a QM bug, and that the wrong files were listed in the log.  We do have one other example of this happening to someone on the forum.  If you submit the files, we can examine them locally to verify that they are not malicious.

Item 2: Release notes would definitely be nice.  Version number = "latest" with a caveat -- the files are served via Akamai, and the data store sometimes takes a while to sync to some locations worldwide -- so while one person may be downloading 8.0.2, someone else may be still downloading 8.0.1 from the same link.  My guess is that if you are having issues with the installer for 8.0.1, you'll likely have the same issues with 8.0.2, as the installer doesn't change AFAIK.  Someone closer to the release side of things will have to verify this.

As a test, I just re-downloaded the installer, and it has the same sha value as when I downloaded it to install 8.0.1.  This means that the initial installer component has not changed -- but the last step of the install process, to download and install all updates, will ensure that 8.0.2 is what gets installed.

As a question to other users of the forums: is anyone seeing the same "detection is there, then it's not" issue on SAV 8?  I know that the QM interface underwent a number of changes, so I'd expect that this behaviour may change a bit.  I haven't taken time yet to test it out for myself.

---

Rebel wrote:

I've already deleted the logs.

I ran Sophos, and it said there were 4 threats. Opened QM, several lines of text appeared then quickly vanished.

I opened the log and at the bottom the 4 threats were listed - 2 were animated gifs, and I don't remember what the others were.

These gifs have been on my computer for several years, but this was the first time I've run a-v software.

I went to the folder, which contains thousands of animated gifs, and deleted the 2 that were listed.

So, as I said, the threats were still there, they had not been moved/deleted by Sophos, I had to do it.

I still have these files on my TM, if you want to see them for some reason.

I don't know what "crucial information" is missing.

I've already said (in two threads) that when threats are detected, they appear in QM for a second or two then disappear. I've already said that I then had to go read the log to see what the threats were. And I've already said I had to manually delete the files after that.

What did I leave out that you need to know?

I'm running 7.3.10c.

And since no one from Sophos seems interested in responding to this issue in my other topic, I'll say it again here:

HOW ABOUT SOME RELEASE NOTES AND A VERSION NUMBER ON THE DOWNLOAD PAGE?!

I'm still waiting for Sophos to let me know which version it was that I downloaded 9 days ago.

I'm not going to install something without knowing which version it is, especially when I've already had trouble with one version and had to downgrade.

---

Item 1: would you please submit the animated gifs via the website submission tool?  I have my suspicions that you've encountered a QM bug, and that the wrong files were listed in the log.  We do have one other example of this happening to someone on the forum.  If you submit the files, we can examine them locally to verify that they are not malicious.

Item 2: Release notes would definitely be nice.  Version number = "latest" with a caveat -- the files are served via Akamai, and the data store sometimes takes a while to sync to some locations worldwide -- so while one person may be downloading 8.0.2, someone else may be still downloading 8.0.1 from the same link.  My guess is that if you are having issues with the installer for 8.0.1, you'll likely have the same issues with 8.0.2, as the installer doesn't change AFAIK.  Someone closer to the release side of things will have to verify this.

As a test, I just re-downloaded the installer, and it has the same sha value as when I downloaded it to install 8.0.1.  This means that the initial installer component has not changed -- but the last step of the install process, to download and install all updates, will ensure that 8.0.2 is what gets installed.

As a question to other users of the forums: is anyone seeing the same "detection is there, then it's not" issue on SAV 8?  I know that the QM interface underwent a number of changes, so I'd expect that this behaviour may change a bit.  I haven't taken time yet to test it out for myself.